Amazon Linux 2 Security Advisory: ALAS2LIVEPATCH-2025-268
Advisory Released Date: 2025-09-29
Advisory Updated Date: 2025-09-29
Severity:
Important
References:
CVE-2025-38527
CVE-2025-39677
CVE-2025-39691
CVE-2025-39730
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix use-after-free in cifs_oplock_break (CVE-2025-38527)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Fix backlog accounting in qdisc_dequeue_internal (CVE-2025-39677)
In the Linux kernel, the following vulnerability has been resolved:
fs/buffer: fix use-after-free when call bh_read() helper (CVE-2025-39691)
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730)
Affected Packages:
kernel-livepatch-5.10.238-231.953
Issue Correction:
Please ensure you have live patching enabled. Run yum update kernel-livepatch-5.10.238-231.953 or yum update --advisory ALAS2LIVEPATCH-2025-268 to update your system.
New Packages:
aarch64:
kernel-livepatch-5.10.238-231.953-1.0-5.amzn2.aarch64
src:
kernel-livepatch-5.10.238-231.953-1.0-5.amzn2.src
x86_64:
kernel-livepatch-5.10.238-231.953-1.0-5.amzn2.x86_64